10 June 2014

The email attachment looked like a brochure for a yoga studio in Toulouse, France, the center of the European aerospace industry. But once it was opened, it allowed hackers to sidestep their victim’s network security and steal closely guarded satellite technology.

The fake yoga brochure was one of many clever come-ons used by a stealth Chinese military unit for hacking, said researchers at CrowdStrike, an Irvine, Calif., security company. Their targets were the networks of European, American and Japanese government entities, military contractors and research companies in the space and satellite industry, systematically broken into for seven years.

Just weeks after the Justice Department indicted five members of the Chinese army, accusing them of online attacks on United States corporations, a new report from CrowdStrike, released on Monday, offers more evidence of the breadth and ambition of China’s campaign to steal trade and military secrets from foreign victims.

The report, parts of which The New York Times was able to corroborate independently, ties attacks against dozens of public and private sector organizations back to a group of Shanghai-based hackers whom CrowdStrike called Putter Panda because they often targeted golf-playing conference attendees. The National Security Agency and its partners have identified the hackers as Unit 61486, according to interviews with a half-dozen current and former American officials.